OK, well my understanding of the issues around secure RSS grows by the day. I am now up to the point where I am beginning to know how much I don’t know.

Where are we up to? Well, I have established that there are blog servers that can serve SSL pages. I have established that there are news aggregators that can establish an SSL connection, and also news aggregators that can do HTTP authentication in various ways.

Except the right one.

Most of the corporate intranet applications at my company are authenticated with a digital certificate. This would be the easiest way for me to create the sort of authenticated and filtered news and event notification service that I think we need.

It would work like this: the user chooses a feed (say all new events from our confidential CRM system). He receives XML that is created dynamically and only contains the events he or she is entitled to see according to the normal access he or she has to the CRM system. This access is determined on the server after identifying the user through their digital certificate.

It’s the right thing to do. It would be tres easy. But I can’t do it because none of the existing news aggregators can supply a digital certificate.

I may have to look at an open source aggregator and add this functionality to it. Poor use of my IT budget though.


0 Responses to “Unbingo”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: